Comment by simonw

14 days ago

You mean for running unsafe Python code?

I'm on a multi-year quest to answer that question!

The best I've found is running Python code inside Pyodide in WASM in Node.js or Deno accessed from Python via a subprocess, which is a wildly convoluted way to go but does appear to work! https://til.simonwillison.net/deno/pyodide-sandbox

Here's a related recent experimental library which does something similar but with JavaScript rather than Python as the unsafe language, again via Deno in a subprocess: https://github.com/simonw/denobox

I've also experimented with using wasmtime instead of Deno: https://til.simonwillison.net/webassembly/python-in-a-wasm-s...

4 comments

simonw

Reply
syrusakbary  14 days ago

Stay tuned, we are about to release a new version of Wasmer with WASIX, that allows for things that can't currently be done with Pyodide:

  * Multithreaded support
  * Calling subprocesses
  * Signals
  * Full networking support
  * Support for greenlets (say hi to SQLAlchemy!) :)

It requires a small effort in wasmer-js, but it already works fully on the server! :)

pplonski86  13 days ago

Thank you! With WASM I can’t use all pypi packages and can’t connect to database, that’s why I’m looking for python based solution

  • simonw  13 days ago

    In that case you'll need to look at general purpose sandboxes you can run Python in - stuff like Firecracker or Bubblewrap on Linux or sandbox-exec on macOS.

  • syrusakbary  13 days ago

    With Wasmer you should be able to use all pypi packages (even the native ones), although we are a bit light on the native packages we support now